OpenSSL: Fix memory leak on an openssl_tls_prf() error path

Free tmp_out before returning to prevent memory leak in case the second
memory allocation in openssl_tls_prf() fails. This is quite unlikely,
but at least theoretically possible memory leak with EAP-FAST.

Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
This commit is contained in:
Ben Rosenfeld 2015-06-17 16:16:34 +03:00 committed by Jouni Malinen
parent 0b5740fdef
commit 144b6a0650

View file

@ -2747,8 +2747,11 @@ static int openssl_tls_prf(void *tls_ctx, struct tls_connection *conn,
} }
rnd = os_malloc(2 * SSL3_RANDOM_SIZE); rnd = os_malloc(2 * SSL3_RANDOM_SIZE);
if (rnd == NULL) if (!rnd) {
os_free(tmp_out);
return -1; return -1;
}
if (server_random_first) { if (server_random_first) {
os_memcpy(rnd, ssl->s3->server_random, SSL3_RANDOM_SIZE); os_memcpy(rnd, ssl->s3->server_random, SSL3_RANDOM_SIZE);
os_memcpy(rnd + SSL3_RANDOM_SIZE, ssl->s3->client_random, os_memcpy(rnd + SSL3_RANDOM_SIZE, ssl->s3->client_random,